New Mac Malware Too Buggy to Build Botnet, Sophos Says

A new piece of malware targeting Mac users may attract attention but represents only a minor threat to the Mac, according to Sophos. Dubbed Tored, the e-mail-aware worm steals data from infected computers and attempts to build a botnet.

Security researchers at multiple vendors have reported finding a new piece
of malware targeting Macs. The good news for Mac users - it
is not quite up to snuff, according to Sophos.

Dubbed
Tored, the malware is actually a worm that installs a backdoor on infected systems
and attempts to steal e-mail addresses from infected Mac computers. The goal -
written right into the worm's RealBasic source code - is to create the "First
Mac OS X Botnet."

In
addition to stealing e-mail addresses, the malware also records some keystrokes
and attempts to copy itself to removable disk. However, according to Sophos,
bugs in the worm's code make it unlikely to spread.
According
to Sophos, the worm tries to forward itself through e-mail using a
SMTP server that is inactive. In addition, the command and control server
it contacts to receive instructions does not exist. The worm represents a
break from tradition for the limited amount of Mac malware out there, as it
is "e-mail-aware," as opposed to the Mac Trojans sometimes posted on
Websites or peer-to-peer networks.
"A
lot of Mac fans think that for something to be a worm then it requires no user
interaction to spread," said Graham Cluley, senior technology consultant at
Sophos. "Although there are some Windows worms like that (for instance, Sasser
and Code Red), many of the pieces of malware that we consider to be worms (for
instance, The Love Bug, Anna Kournikova, etc.) did require user interaction and
spread quite successfully."

Perhaps
the most interesting piece of the latest worm is that its author included this
message to aid propagation: -For Mac OS X ! :(If you are not on Mac please
transfer this mail to a Mac and sorry for our fault :)'
"The good news is that Tored doesn't appear to be a very serious
threat, and no-one is likely to encounter it," Cluley told eWEEK. "A much
more serious threat for Mac users are the Trojans that are being planted on
Websites posing as an attractive download."
Malware
authors tried to do just that in January, when a Trojan was
circulating via pirated versions of iWork -09 and the Mac version of Adobe Photoshop CS4.
Researchers at Symantec said in a paper last month that the network of infected
users, which is believed to have included some 5,000 machines, constituted the
first known Mac botnet.
Update:
This story was updated to add information about the worm.